var-202104-0638
Vulnerability from variot

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. The vulnerability stems from insufficient validation of user-provided input when image files are processed in the ImageIO component in macOS, so this vulnerability exists. A remote attacker could deliver a specially crafted file to the application and perform a denial of service (DoS) attack. Vulnerabilities exist in the following products or versions: macOS 11.0, macOS 11.0.1, macOS 11.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-02-01-2 Additional information for APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4

iOS 14.4 and iPadOS 14.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212146.

Analytics Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2021-1761: Cees Elzinga Entry added February 1, 2021

APFS Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann Entry added February 1, 2021

Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1794: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021

Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1795: Jianjun Dai of 360 Alpha Lab CVE-2021-1796: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021

Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1780: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021

CoreAnimation Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed with improved state management. CVE-2021-1760: @S0rryMybad of 360 Vulcan Team Entry added February 1, 2021

CoreAudio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab Entry added February 1, 2021

CoreGraphics Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1776: Ivan Fratric of Google Project Zero Entry added February 1, 2021

CoreMedia Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT Entry added February 1, 2021

CoreText Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-1772: Mickey Jin of Trend Micro Entry added February 1, 2021

CoreText Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021

Crash Reporter Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local user may be able to create or modify system files Description: A logic issue was addressed with improved state management. CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security Entry added February 1, 2021

Crash Reporter Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to elevate their privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1787: James Hutchins Entry added February 1, 2021

FairPlay Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro Entry added February 1, 2021

FontParser Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1758: Peter Nguyen of STAR Labs Entry added February 1, 2021

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2021-1766: Danny Rosseau of Carve Systems Entry added February 1, 2021

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab Entry added February 1, 2021

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Qi Sun of Trend Micro CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: An out-of-bounds read issue existed in the curl. CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An access issue was addressed with improved memory management. CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021

IOSkywalkFamily Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to elevate their privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Entry added February 1, 2021

iTunes Store Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution Description: A validation issue was addressed with improved input sanitization. CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs Entry added February 1, 2021

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: A use after free issue was addressed with improved memory management. CVE-2021-1764: Maxime Villard (@m00nbsd) Entry added February 1, 2021

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1750: @0xalsr Entry added February 1, 2021

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1782: an anonymous researcher

Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to leak sensitive user information Description: A privacy issue existed in the handling of Contact cards. CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security Entry added February 1, 2021

Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-1763: Mickey Jin of Trend Micro Entry added February 1, 2021

Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021

Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021

Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1762: Mickey Jin of Trend Micro Entry added February 1, 2021

Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021

Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1753: Mickey Jin of Trend Micro Entry added February 1, 2021

Phone Keypad Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker with physical access to a device may be able to see private contact information Description: A lock screen issue allowed access to contacts on a locked device. CVE-2021-1756: Ryan Pickren (ryanpickren.com) Entry added February 1, 2021

Swift Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved validation. CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs Entry added February 1, 2021

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1788: Francisco Alonso (@revskills) Entry added February 1, 2021

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-1789: @S0rryMybad of 360 Vulcan Team Entry added February 1, 2021

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Maliciously crafted web content may violate iframe sandboxing policy Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2021-1801: Eliya Stein of Confiant Entry added February 1, 2021

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher

WebRTC Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed with additional port validation. CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar Entry added February 1, 2021

Additional recognition

iTunes Store We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Entry added February 1, 2021

Kernel We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance. Entry added February 1, 2021

libpthread We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Entry added February 1, 2021

Mail We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and an anonymous researcher for their assistance. Entry added February 1, 2021

Store Demo We would like to acknowledge @08Tc3wBB for their assistance. Entry added February 1, 2021

WebRTC We would like to acknowledge Philipp Hancke for their assistance. Entry added February 1, 2021

Wi-Fi We would like to acknowledge an anonymous researcher for their assistance. Entry added February 1, 2021

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6 jjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W BvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl naDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD lXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up BWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk bfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO VZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26 RCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3 UrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf bSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh oxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU= =WL5N -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0638",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1773"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.14.6",
                "versionStartIncluding": "10.14",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.7",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1773"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-091"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2021-1773",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-376433",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-1773",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-1773",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-091",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-376433",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-1773",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1773"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1773"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-091"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. The vulnerability stems from insufficient validation of user-provided input when image files are processed in the ImageIO component in macOS, so this vulnerability exists. A remote attacker could deliver a specially crafted file to the application and perform a denial of service (DoS) attack. Vulnerabilities exist in the following products or versions: macOS 11.0, macOS 11.0.1, macOS 11.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-02-01-2 Additional information for\nAPPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4\n\niOS 14.4 and iPadOS 14.4 addresses the following issues. Information\nabout the security content is also available at\nhttps://support.apple.com/HT212146. \n\nAnalytics\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2021-1761: Cees Elzinga\nEntry added February 1, 2021\n\nAPFS\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A local user may be able to read arbitrary files\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1797: Thomas Tempelmann\nEntry added February 1, 2021\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1794: Jianjun Dai of 360 Alpha Lab\nEntry added February 1, 2021\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1795: Jianjun Dai of 360 Alpha Lab\nCVE-2021-1796: Jianjun Dai of 360 Alpha Lab\nEntry added February 1, 2021\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1780: Jianjun Dai of 360 Alpha Lab\nEntry added February 1, 2021\n\nCoreAnimation\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1760: @S0rryMybad of 360 Vulcan Team\nEntry added February 1, 2021\n\nCoreAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nCoreGraphics\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1776: Ivan Fratric of Google Project Zero\nEntry added February 1, 2021\n\nCoreMedia\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT\nEntry added February 1, 2021\n\nCoreText\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A stack overflow was addressed with improved input\nvalidation. \nCVE-2021-1772: Mickey Jin of Trend Micro\nEntry added February 1, 2021\n\nCoreText\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1792: Mickey Jin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nCrash Reporter\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A local user may be able to create or modify system files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added February 1, 2021\n\nCrash Reporter\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A local attacker may be able to elevate their privileges\nDescription: Multiple issues were addressed with improved logic. \nCVE-2021-1787: James Hutchins\nEntry added February 1, 2021\n\nFairPlay\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun \u0026 Mickey Jin of Trend\nMicro\nEntry added February 1, 2021\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1758: Peter Nguyen of STAR Labs\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: This issue was addressed with improved checks. \nCVE-2021-1766: Danny Rosseau of Carve Systems\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin \u0026 Qi Sun of Trend Micro\nCVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An out-of-bounds read issue existed in the curl. \nCVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nIOSkywalkFamily\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A local attacker may be able to elevate their privileges\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba\nSecurity\nEntry added February 1, 2021\n\niTunes Store\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted URL may lead to arbitrary\njavascript code execution\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs\nEntry added February 1, 2021\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1764: Maxime Villard (@m00nbsd)\nEntry added February 1, 2021\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple issues were addressed with improved logic. \nCVE-2021-1750: @0xalsr\nEntry added February 1, 2021\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application may be able to elevate privileges. \nApple is aware of a report that this issue may have been actively\nexploited. \nCVE-2021-1782: an anonymous researcher\n\nMessages\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A privacy issue existed in the handling of Contact\ncards. \nCVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-1763: Mickey Jin of Trend Micro\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1768: Mickey Jin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1745: Mickey Jin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1762: Mickey Jin of Trend Micro\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1767: Mickey Jin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1753: Mickey Jin of Trend Micro\nEntry added February 1, 2021\n\nPhone Keypad\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: An attacker with physical access to a device may be able to\nsee private contact information\nDescription: A lock screen issue allowed access to contacts on a\nlocked device. \nCVE-2021-1756: Ryan Pickren (ryanpickren.com)\nEntry added February 1, 2021\n\nSwift\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs\nEntry added February 1, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1788: Francisco Alonso (@revskills)\nEntry added February 1, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1789: @S0rryMybad of 360 Vulcan Team\nEntry added February 1, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Maliciously crafted web content may violate iframe sandboxing\npolicy\nDescription: This issue was addressed with improved iframe sandbox\nenforcement. \nCVE-2021-1801: Eliya Stein of Confiant\nEntry added February 1, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution. Apple is aware of a report that this issue may have been\nactively exploited. \nCVE-2021-1871: an anonymous researcher\nCVE-2021-1870: an anonymous researcher\n\nWebRTC\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious website may be able to access restricted ports on\narbitrary servers\nDescription: A port redirection issue was addressed with additional\nport validation. \nCVE-2021-1799: Gregory Vishnepolsky \u0026 Ben Seri of Armis Security, and\nSamy Kamkar\nEntry added February 1, 2021\n\nAdditional recognition\n\niTunes Store\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year\nLabs for their assistance. \nEntry added February 1, 2021\n\nKernel\nWe would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin \u0026 Jesse\nChange of Trend Micro for their assistance. \nEntry added February 1, 2021\n\nlibpthread\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year\nLabs for their assistance. \nEntry added February 1, 2021\n\nMail\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and\nan anonymous researcher for their assistance. \nEntry added February 1, 2021\n\nStore Demo\nWe would like to acknowledge @08Tc3wBB for their assistance. \nEntry added February 1, 2021\n\nWebRTC\nWe would like to acknowledge Philipp Hancke for their assistance. \nEntry added February 1, 2021\n\nWi-Fi\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added February 1, 2021\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6\njjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W\nBvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl\nnaDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD\nlXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up\nBWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk\nbfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO\nVZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26\nRCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3\nUrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf\nbSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh\noxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU=\n=WL5N\n-----END PGP SIGNATURE-----\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1773"
      },
      {
        "db": "VULHUB",
        "id": "VHN-376433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1773"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      }
    ],
    "trust": 1.35
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-376433",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376433"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1773",
        "trust": 2.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161246",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0354",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-091",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "161248",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161247",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-376433",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1773",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1773"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1773"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-091"
      }
    ]
  },
  "id": "VAR-202104-0638",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376433"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:12:00.880000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1773"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212146"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212147"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212148"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212149"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1773"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161246/apple-security-advisory-2021-02-01-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34452"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0354/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1760"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1766"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1757"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1769"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1761"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1744"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1748"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1764"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1776"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1778"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1772"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1743"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1758"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1750"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1746"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1747"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1741"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1783"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1787"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1785"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1791"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1786"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1792"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1782"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1759"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2021/feb/17"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1793"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212148."
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212146."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1753"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1762"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1767"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1756"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1745"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1763"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212149."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1773"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1773"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-091"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-376433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1773"
      },
      {
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1773"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-091"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-376433"
      },
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1773"
      },
      {
        "date": "2021-02-02T16:09:50",
        "db": "PACKETSTORM",
        "id": "161248"
      },
      {
        "date": "2021-02-02T16:08:18",
        "db": "PACKETSTORM",
        "id": "161246"
      },
      {
        "date": "2021-02-02T16:08:52",
        "db": "PACKETSTORM",
        "id": "161247"
      },
      {
        "date": "2021-04-02T18:15:20.810000",
        "db": "NVD",
        "id": "CVE-2021-1773"
      },
      {
        "date": "2021-02-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-091"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-376433"
      },
      {
        "date": "2021-04-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1773"
      },
      {
        "date": "2021-04-09T17:21:15.057000",
        "db": "NVD",
        "id": "CVE-2021-1773"
      },
      {
        "date": "2021-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-091"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-091"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple ImageIO Input validation error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-091"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-091"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.